The Federal Bureau of Investigation’s Control Over Weapons and Laptop Computers Follow-Up Audit

Audit Report 07-18
February 2007
Office of the Inspector General

Statement on Management Controls

In planning and performing our audit of the FBI’s Controls over Weapons and Laptop Computers, we considered the FBI’s management controls for the purpose of determining our audit procedures. This evaluation was not made for the purpose of providing assurance on the management control structure as a whole. However, we noted certain matters that we consider to be reportable conditions under the Government Auditing Standards.

Reportable conditions involve matters coming to our attention relating to significant deficiencies in the design or operation of the management control structure that, in our judgment, could adversely affect the FBI’s ability to manage its control over weapons and laptops. During our audit, we identified the following management control concerns.

The FBI does not maintain records of laptops with NSI classification levels as required by the DOJ CIO.

The FBI failed to improve its documentation of the disposal of excess laptop computers and hard drives to ensure that all sensitive or classified information had been sanitized prior to disposal.

The FBI failed to improve the process to ensure that property is recovered from employees before they leave the FBI.

Because we are not expressing an opinion on the FBI’s management control structure as a whole, this statement is intended solely for the information and use of the FBI in managing its control over weapons and laptops. This restriction is not intended to limit the distribution of this report, which is a matter of public record.